As investigations into the SolarWinds supply chain attack continue, the company's top management has blamed an intern for the “solarwinds123” password lapse, which has been widely cited as a possible contributor to the chain of cyberattacks. Sources suggest that the password was publicly accessible in a GitHub repository from June 17, 2018, until it was addressed on November 22, 2019, after a security researcher reported it.
As part of the ongoing investigation, several U.S. lawmakers questioned the Texas-based software firm about the password during a joint hearing of the House Oversight and Homeland Security Committees. At the hearing, SolarWinds CEO Sudhakar Ramakrishna confirmed that the password had been in use as early as 2017.
“I believe that was a password that an intern used on one of his servers back in 2017, which was reported to our security team, and it was immediately removed. That related to a mistake that an intern made, and they violated our password policies, and they posted that password on their own private GitHub account. As soon as it was identified and brought to the attention of my security team, they took that down,” Ramakrishna said in the hearing.
“I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad. You and your company were supposed to be preventing the Russians from reading Defense Department emails,” said Representative Katie Porter of California.
So far, as many as 18,000 customers, including multiple U.S. government agencies and technology companies such as Microsoft, FireEye and Boeing, have been reported as affected by the SolarWinds hack. The White House acknowledged that a Russian state-sponsored group known as Cozy Bear or APT29 carried out targeted cyberattacks on several U.S. government agencies through malicious code inserted into SolarWinds’ IT management software, Orion. It appears that the attackers invested significant effort to ensure that the code was inserted cleanly and that the malware remained undetected in the company’s build environment.